Amendments to the Claims

1. (Currently Amended) A method comprising: 

performing, at a client, to outgoing packets having the client's private
source IP address and generalized port number (GPN) and a protocol not directly
supported by a network address translator (NAT) at which the client's private
source IP address and GPN are translated to a NAT's global source IP address
and GPN, respectively, the functions of an Application Layer Gateway (ALG) that
need to be implemented in association with the NAT's translations

performing, at a client, the functions of an Application Layer Gateway
(ALG) that need to be implemented in association with a network address
translator's (NAT's) translations to outgoing packets from the client that have a
protocol not directly supported by the NAT and that have the client's private
source IP address and generalized port number (GPN) and which are translated
by the NAT to a NAT's global source IP address and GPN, respectively, the
translations by the NAT being performed in response to a request previously sent
by the client to the NAT that defines for the unsupported protocol a location of the
GPN within packets sent between the client and the NAT that indicates a bit
position where the GPN begins within such packets and a length of the GPN.

2. (Original) A method comprising: 

performing, at a client, to incoming packets sent to a network address
translator's (NAT's) global destination IP address and generalized port number
(GPN) and having a protocol not directly supported by the NAT at which the
NAT's global destination IP address and GPN are translated to the client's
private destination IP address and GPN, respectively, the functions of an
Application Layer Gateway (ALG) that need to be implemented in association
with the NAT's translations

performing, at a client, the functions of an Application Layer Gateway
(ALG) that need to be implemented in association a network address translator's
(NAT's) translations to incoming packets directed to the client that are sent to a
global destination IP address and generalized port number (GPN) of the NAT,
which packets have a protocol not directly supported by the NAT and at which
NAT the NAT's global destination IP address and GPN in the incoming packets
are translated to a private destination IP address and GPN, respectively, of the
client, the translations by the NAT being performed in response to a request
previously sent by the client to the NAT that defines for the unsupported protocol
a location of the GPN within packets sent between the NAT and the client that
indicates a bit position where the GPN begins within such packets and a length
of the GPN.

3. (Currently Amended) A method comprising:

modifying, at a client, outgoing packets having the client's private source 
IP address and generalized port number (GPN) and a protocol not directly 
supported by a network address translator (NAT) at which the client's private 
source IP address and GPN are translated to the NAT's global source IP address 
and GPN, respectively, the packets being modified so as to pre-compensate for 
the effects on the packets of the IP address and GPN translations, the
translations by the NAT being performed in response to a request previously sent
by the client to the NAT that defines for the unsupported protocol a location of the
GPN within packets sent between the client and the NAT that indicates a bit
position where the GPN begins within such packets and a length of the GPN.

4. (Original) The method of claim 3 wherein modifying the packets
comprises modifying a TCP or UDP checksum in a packet's TCP or UDP header 
to account for the IP address and TCP or UDP source port number translations. 

5. (Original) The method of claim 4 wherein modifying the checksum 
comprises adding to the TCP or UDP checksum the difference between the 
global and private source IP addresses, and the difference between global and 
private TCP or UDP source port numbers. 

6. (Original) The method of claim 3 wherein the protocol is an 
authenticating and/or encrypting-decrypting AH or ESP IPSec security protocol in 
a tunnel or a transport mode, and modifying the packets comprises: 

before authentication and/or encryption, in the transport mode, replacing 
the client's source port number with a global port number, or in the tunnel mode, 
replacing an encapsulated client's source IP address and port number by the 
NAT's global IP address and port number; and

adding to a TCP or UDP checksum in a packet's TCP or UDP header, the 
difference between the global and private source IP addresses, and the 
difference between global and private TCP or UDP source port numbers. 

7. (Original) The method of claim 6 further comprising processing any 
necessary Application Layer Protocol (ALG). 

8. (Original) The method of claim 7 further comprising, for the AH 
protocol, computing each packet's authentication data as if the source IP address 
were equal to the NAT's global IP address.

9. (Currently Amended) A method comprising:

modifying, at a client, incoming packets sent to a network address 
translator's (NAT's) global destination IP address and generalized port number 
(GPN) and having a protocol not directly supported by the NAT at which the 
NAT's global destination IP address and GPN are translated to the client's
private destination IP address and GPN, the packets being modified so as to
post-compensate for the effects on the packets of the IP address and GPN
translations, the translations by the NAT being performed in response to a
request previously sent by the client to the NAT that defines for the unsupported
protocol a location of the GPN within packets sent between the NAT and the
client that indicates a bit position where the GPN begins within such packets and
a length of the GPN.

10. (Original) The method of claim 9 wherein modifying the packets 
comprises modifying a TCP or UDP checksum in a packet's TCP or UDP header 
to account for the destination IP address and TCP or UDP destination port 
number translations. 

11. (Original) The method of claim 10 wherein modifying the checksum 
comprises subtracting from the TCP or UDP checksum the difference between 
the global and private destination IP addresses, and the difference between the 
global and private TCP or UDP destination port numbers. 

12. (Original) The method of claim 9 wherein the protocol is an 
authenticating and/or encrypting-decrypting AH or ESP IPSec security protocol in 
a tunnel or a transport mode, and modifying the packets comprises: 

after authentication and/or decryption, in the transport mode, replacing the
NAT's global destination port number with the client's private port number, or in
the tunnel mode, replacing in a decapsulated packet the NAT's global destination
IP address and port number by the client's private IP address and port number; 
and 

subtracting from a TCP or UDP checksum in a TCP or UDP header, the 
difference between the global and private destination IP addresses, and the 
difference between the global and private TCP or UDP destination port numbers. 

13. (Original) The method of claim 12 further comprising processing any 
necessary Application Layer Gateway (ALG) after authentication and/or 
decryption. 

14. (Original) The method of claim 13 further comprising, for the AH 
protocol, computing each packet's authentication data as if the destination IP 
address were equal to the NAT's global IP address.

15. (Currently Amended) Apparatus at a client comprising: 

means for modifying packets having the client's private source IP address 
and generalized port number (GPN) and having a protocol not directly supported 
by a network address translator (NAT) at which the client's private source IP 
address and GPN are translated to the NAT's global source IP address and
GPN, respectively, so as to pre-compensate for the effects on the packets of the
IP address and GPN translations, the translations by the NAT being performed in
response to a request previously sent by the client to the NAT that defines for the
unsupported protocol a location of the GPN within packets sent between the
client and the NAT that indicates a bit position where the GPN begins within such
packets and a length of the GPN; and

means for sending the packets to the NAT. 

16. (Original) The apparatus in accordance with claim 15 wherein the 
modifying means comprises means for modifying a TCP or UDP checksum in a 
TCP or UDP header in the packets to account for the IP address and TCP or 
UDP source port number translations. 

17. (Original) The apparatus in accordance with claim 16 wherein the 
means for modifying a TCP or UDP checksum comprises means for adding to 
the TCP or UDP checksum the difference between the global and private source 
IP addresses, and the difference between global and private TCP or UDP source 
port numbers. 

18. (Original) The apparatus of claim 15 wherein the protocol is an 
authenticating and/or encrypting-decrypting AH or ESP IPSec security protocol in 
a tunnel or a transport mode, and the means for modifying the packets 
comprises: 

means for, before authentication and/or encryption, in the transport mode, 
replacing the client's source port number with a global port number, or in the 
tunnel mode, replacing an encapsulated client's source IP address and port 
number by the NAT's global IP address and port number; and

means for adding to a TCP or UDP checksum in a packet's TCP or UDP 
header, the difference between the global and private source IP addresses, and 
the difference between global and private TCP or UDP source port numbers. 

19. (Original) The apparatus of claim 18 further comprising means for
processing any necessary Application Layer Protocol (ALG). 

20. (Original) The apparatus of claim 19 further comprising means for 
computing each packet's authentication data as if the source IP address were 
equal to the NAT's global IP address, for the AH protocol.

21. (Currently Amended) Apparatus at a client comprising:

means for receiving packets sent to a network address translator's
(NAT's) global destination IP address and generalized port number and having a
protocol not directly supported by the NAT at which the NAT's global destination
IP address and GPN are translated to the client's private destination IP address
and GPN, respectively, the translations by the NAT being performed in response
to a request previously sent by the client to the NAT that defines for the
unsupported protocol a location of the GPN within packets sent between the NAT
and the client that indicates a bit position where the GPN begins within such
packets and a length of the GPN; and

means for modifying the packets so as to post-compensate for the effects 
on the packets of the IP address GPN translations. 

22. (Original) The apparatus of claim 21 wherein the modifying means 
comprises means for modifying a TCP or UDP checksum in a TCP or UDP 
header in the packets to account for the destination IP address and TCP or UDP 
destination port number translations. 

23. (Original) The apparatus of claim 22 wherein the means for modifying 
a TCP or UDP checksum comprises means for subtracting from the TCP or UDP 
checksum the difference between the global and private destination IP
addresses, and the difference between global and private TCP or UDP 
destination port numbers. 

24. (Original) The apparatus of claim 21 wherein the protocol is an 
authenticating and/or encrypting-decrypting AH or ESP IPSec security protocol in 
a tunnel or a transport mode, and the means for modifying the packets 
comprises: 

means for, after authentication and/or decryption, in the transport mode, 
replacing the NAT's global destination port number with the client's private port 
number, or in the tunnel mode, replacing in a decapsulated packet the NAT's
global destination IP address and port number by the client's private IP address 
and port number; and 

means for subtracting from a TCP or UDP checksum in a TCP or UDP 
header, the difference between the global and private destination IP addresses, 
and the difference between the global and private TCP or UDP destination port 
numbers. 

25. (Original) The apparatus of claim 24 further comprising means for 
processing any necessary Application Layer Protocol (ALG). 

26. (Original) The apparatus of claim 25 further comprising means for 
computing each packet's authentication data as if the destination IP address 
were equal to the NAT's global IP address, for the AH protocol. 

27. (Currently Amended) Apparatus at a client comprising: 

means for performing the functions of an Application Layer Gateway
(ALG) that need to be implemented in conjunction with a network address
translator's (NAT's) translation of packets that are not directly supported by the
NAT at which the client's private source IP address and generalized port number
(GPN) are translated to the NAT's global IP address and GPN, the translations
by the NAT being performed in response to a request previously sent by the
client to the NAT that defines for the unsupported protocol a location of the GPN
within packets sent between the client and the NAT that indicates a bit position
where the GPN begins within such packets and a length of the GPN; and

means for sending the packets on which the functions of the ALG have 
been performed to the NAT. 

28. (Currently Amended) Apparatus at a client comprising:

means for receiving packets sent to a network address translator's
(NAT's) global destination IP address and generalized port number (GPN) and
having a protocol not directly supported by the NAT at which the NAT's global
destination IP address and GPN are translated to the client's private destination
IP address and GPN, respectively, the translations by the NAT being performed
in response to a request previously sent by the client to the NAT that defines for
the unsupported protocol a location of the GPN within packets sent between the
NAT and the client that indicates a bit position where the GPN begins within such
packets and a length of the GPN; and

means for performing the functions of an Application Layer Gateway 
(ALG) that need to be implemented in association with the NAT's translations. 

29. (Currently Amended) A computer readable media tangibly
embodying a program of instructions executable by a computer to perform a 
method at a client, the method comprising: 

modifying outgoing packets having the client's private source IP address 
and generalized port number (GPN) and a protocol not directly supported by a 
network address translator (NAT) at which the client's private source IP address 
and GPN are translated to the NAT's global source IP address and GPN,
respectively, the packets being modified so as to pre-compensate for the effects
on the packets of the IP address and GPN translations, the translations by the
NAT being performed in response to a request previously sent by the client to the
NAT that defines for the unsupported protocol a location of the GPN within
packets sent between the client and the NAT that indicates a bit position where
the GPN begins within such packets and a length of the GPN.

30. (Original) The media of claim 29 where in the method modifying the 
packets comprises modifying a TCP or UDP checksum in a packet's TCP or UDP 
header to account for the IP address and TCP or UDP source port number 
translations. 

31. (Original) The media of claim 29 where in the method modifying the 
checksum comprises adding to the TCP or UDP checksum the difference 
between the global and private source IP addresses, and the difference between 
global and private TCP or UDP source port numbers. 

32. (Original) The media of claim 29 where in the method the protocol is 
an authenticating and/or encrypting-decrypting AH or ESP IPSec security 
protocol in a tunnel or a transport mode, and modifying the packets comprises: 

before authentication and/or encryption, in the transport mode, replacing
the client's source port number with a global port number, or in the tunnel mode,
replacing an encapsulated client's source IP address and port number by the
NAT's global IP address and port number; and

adding to a TCP or UDP checksum in a packet's TCP or UDP header, the 
difference between the global and private source IP addresses, and the 
difference between global and private TCP or UDP source port numbers. 

33. (Original) The media of claim 29 wherein the method further 
comprises processing any necessary Application Layer Protocol (ALG). 

34. (Original) The media of claim 33 wherein the method further 
comprises, for the AH protocol, computing each packet's authentication data as if 
the source IP address were equal to the NAT's global IP address. 

35. (Currently Amended) A computer readable media tangibly 
embodying a program of instructions executable by a computer to perform a 
method at a client, the method comprising: 

modifying incoming packets sent to a network address translator's (NAT's) 
global destination IP address and generalized port number (GPN) and having a 
protocol not directly supported by the NAT at which the NAT's global destination 
IP address and GPN are translated to the client's private destination IP address 
and GPN, the packets being modified so as to post-compensate for the effects 
on the packets of the IP address and GPN translations, the translations by the
NAT being performed in response to a request previously sent by the client to the
NAT that defines for the unsupported protocol a location of the GPN within
packets sent between the NAT and the client that indicates a bit position of
where the GPN begins within such packets and a length of the GPN.

36. (Original) The media of claim 35 where in the method modifying the 
packets comprises modifying a TCP or UDP checksum in a packet's TCP or UDP 
header to account for the destination IP address and TCP or UDP destination 
port number translations. 

37. (Original) The media of claim 36 where in the method modifying the 
checksum comprises subtracting from the TCP or UDP checksum the difference 
between the global and private destination IP addresses, and the difference 
between the global and private TCP or UDP destination port numbers. 

38. (Original) The media of claim 35 where in the method the protocol is 
an authenticating and/or encrypting-decrypting AH or ESP IPSec security 
protocol in a tunnel or a transport mode, and modifying the packets comprises: 

after authentication and/or decryption, in the transport mode, replacing the 
NAT's global destination port number with the client's private port number, or in
the tunnel mode, replacing in a decapsulated packet the NAT's global destination 
IP address and port number by the client's private IP address and port number; 
and 

subtracting from a TCP or UDP checksum in a TCP or UDP header, the 
difference between the global and private destination IP addresses, and the 
difference between the global and private TCP or UDP destination port numbers. 



Serial No. 09/69897.8



39. (Original) The media of claim 38 wherein the method further 
comprises processing any necessary Application Layer Gateway (ALG) after 
authentication and/or decryption. 

40. (Original) The media of claim 39 wherein the method further 
comprises, for the AH protocol, computing each packet's authentication data as if 
the destination IP address were equal to the NAT's global IP address.
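
Added illustration, not part of the filing: the checksum pre-compensation of claims 4-5 (outgoing) and post-compensation of claims 10-11 (incoming), worked for a UDP datagram whose checksum the NAT leaves untouched. The one's-complement update follows RFC 1624, which is an assumption about the arithmetic, and all addresses and ports are constructed sample values.

```python
import ipaddress
import struct

# Constructed sample endpoints (documentation ranges), not taken from the filing.
PRIVATE = ("10.0.0.5", 4000)      # client's private IP address and port
GLOBAL = ("203.0.113.7", 62000)   # NAT's global IP address and port
PEER = ("198.51.100.9", 500)      # remote host

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def endpoint(ip: str, port: int) -> bytes:
    """The bytes a NAT rewrites: IPv4 address followed by port."""
    return ipaddress.IPv4Address(ip).packed + struct.pack("!H", port)

def udp_checksum(src, dst, payload: bytes) -> int:
    """Full UDP checksum over pseudo-header, header and payload."""
    length = 8 + len(payload)
    pseudo = (ipaddress.IPv4Address(src[0]).packed
              + ipaddress.IPv4Address(dst[0]).packed
              + struct.pack("!BBH", 0, 17, length))
    header = struct.pack("!HHHH", src[1], dst[1], length, 0)
    return (~ones_sum(pseudo + header + payload) & 0xFFFF) or 0xFFFF

def compensate(checksum: int, old: bytes, new: bytes) -> int:
    """Incremental update per RFC 1624: HC' = ~(~HC + ~m + m')."""
    s = (~checksum & 0xFFFF) + (~ones_sum(old) & 0xFFFF) + ones_sum(new)
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s & 0xFFFF) or 0xFFFF    # UDP transmits a zero checksum as 0xFFFF

def outgoing(payload: bytes):
    """Client pre-compensates; the NAT then rewrites only the source."""
    plain = udp_checksum(PRIVATE, PEER, payload)
    fixed = compensate(plain, endpoint(*PRIVATE), endpoint(*GLOBAL))
    seen_by_peer = udp_checksum(GLOBAL, PEER, payload)
    return plain == seen_by_peer, fixed == seen_by_peer

def incoming(payload: bytes):
    """NAT rewrites only the destination; client post-compensates."""
    sent = udp_checksum(PEER, GLOBAL, payload)
    fixed = compensate(sent, endpoint(*GLOBAL), endpoint(*PRIVATE))
    expected = udp_checksum(PEER, PRIVATE, payload)
    return sent == expected, fixed == expected

if __name__ == "__main__":
    print(outgoing(b"payload the NAT cannot parse"))
    print(incoming(b"payload the NAT cannot parse"))
```

In each returned pair the first value shows whether the uncompensated checksum would verify after translation and the second whether the compensated one does.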